IT Risk Manager

Johannesburg, Gauteng, South Africa

Job Description


Are you a technical IT Risk Manager looking to join a dynamic team?

As an IT Risk Manager, your primary responsibility is to identify and manage potential risks to an organization's information technology systems and infrastructure. Your role involves assessing and mitigating risks, developing risk management strategies, and implementing controls to protect the organization's data and technology assets. Here are some key job responsibilities and skills typically associated with an IT Risk Manager:

Job Responsibilities:

  • Risk Assessment: Conducting comprehensive risk assessments to identify potential threats and vulnerabilities in the IT systems and infrastructure.
  • Risk Mitigation: Developing and implementing strategies to mitigate identified risks, such as developing security controls and policies, conducting vulnerability assessments, and recommending risk mitigation solutions.
  • Compliance: Ensuring the organization complies with relevant industry standards, regulations, and best practices, such as ISO 27001, GDPR, or PCI-DSS.
  • Incident Response: Establishing incident response procedures and coordinating with relevant stakeholders to manage and respond to security incidents and breaches.
  • Security Awareness: Promoting security awareness and training programs to educate employees about IT risks and best practices for data protection.
  • Business Continuity Planning: Collaborating with stakeholders to develop and test business continuity and disaster recovery plans to minimize the impact of IT-related incidents.
  • Vendor Risk Management: Assessing and managing risks associated with third-party vendors and service providers that have access to the organization's IT systems and data.
  • Risk Reporting: Providing regular reports to management and stakeholders regarding the status of IT risks, potential impact, and recommended actions.
  • Serve in the role of an IT Risk Manager and IT Manager.
  • Lead the IT Operations team with enhancements for the companies within the Group.
  • Team capacity management (scheduling of work and priorities), ensuring the IT Operations Team is able to work efficiently.
  • Delivering large-scale projects on time with high quality.
  • Participate in and provide input to the weekly management committee meetings, adding valuable perspective to the senior team and actively driving the growth of the business.
  • Drive conceptual and logical architecture design for new initiatives.
  • Develop standards, patterns, best practices for reuse and acceleration.
  • Ensure existing and new initiatives are adhering to strategic architecture principles.
  • Work with business partners to translate functional requirements into technical requirements.
  • Ability to provide technical recommendations and trade-offs to address business needs and timelines and drive to resolution.
  • Participate in cross-functional, cross-discipline architecture teams to enhance / set the architectural direction for key business initiatives.
  • Participate in the continued definition of our target Strategies.
  • Serve as a fully seasoned, technically proficient resource; routine accountability is for technical knowledge and capabilities as a team member or as an individual contributor.
  • May or may not have direct reports but will influence and direct activities of a team related to special initiatives or operations.
  • Influence, Negotiate and Lead technology alternative evaluations and implementations across the Technology and Line of Business organizations.
  • IT Governance, Risk and Compliance:
1. Governance
  • Deliver value to Group
  • Strategic alignment
  • Performance management
  • Resource management
  • Risk Management
2. Risk
  • Designing and implementing an overall risk management process for the organization, which includes an analysis of the financial impact on the company when risks occur
  • Performing a risk assessment: Analyzing current risks and identifying potential risks that are affecting the company
  • Performing a risk evaluation: Evaluating the company's previous handling of risks, and comparing potential risks with criteria set out by the company such as costs and legal requirements
  • Establishing the level of risk the company is willing to take
  • Risk reporting tailored to the relevant audience (Educating the board of directors about the most significant risks to the business; ensuring business heads understand the risks that might affect their departments; ensuring individuals understand their own accountability for individual risks)
  • Explaining the external risk posed by corporate governance to stakeholders
  • Creating business continuity plans to limit risks
  • Conducting policy and compliance audits, which will include liaising with internal and external auditors
  • Building risk awareness amongst staff by providing support and training within the company
3. Compliance
  • Implement and manage an effective legal compliance program.
  • Develop and review company policies.
  • Create and manage effective action plans in response to audit discoveries and compliance violations.
  • Regularly audit company procedures, practices, and documents to identify possible weaknesses or risk.
  • Assess company operations to determine compliance risk.
  • Ensure all employees are educated on the latest regulations and processes.
  • Resolve employee concerns about legal compliance.
4. IT Manager
  • Managing IT staff by recruiting and training employees, communicating job expectations, and monitoring performance.
  • Overseeing the annual IT budget and ensuring cost effectiveness.
  • Monitoring daily operations, including server hardware, software, and operating systems.
  • Coordinating technology installations, upgrades, and maintenance.
  • Selecting and purchasing new and replacement hardware and software, when necessary.
  • Testing, troubleshooting, and modifying information systems so that they operate effectively.
  • Generating performance reports for operating systems.
  • Ensuring all IT activities are performed within the parameters of applicable laws, codes, and regulations.
  • Evaluating technology risks in order to develop a network disaster recovery plan and backup procedures.
  • Remaining up to date with advances in technology and industry best practices.
5. Information Security Manager
  • Provides subject-matter expertise and management within the cybersecurity web application vulnerability area.
  • Proactively identifies, implements and manages process improvements and agile solutions within functional area.
  • Leads cross-functional discussions/initiatives to anticipate and mitigate issues and achieve required outcomes within required time-frames.
  • Sets, articulates and oversees achievement of goals for assigned work-unit/sub-unit/function.
  • Responsible for direct oversight of staff, tactical execution and implementation of operational plans.
  • Prepares thorough and articulate executive summaries for senior leadership and participates in ad hoc work groups supporting IT strategy.
  • Influences, interacts and makes decisions impacting across assigned disciplines, capabilities, services, technologies, domains or systems.
  • Collaborates on decisions with senior IT leadership.
  • Ensures adherence to practices, procedures, precedents, policy and senior leadership direction.
  • Tracks and ensures that expenses fall within budget.
  • Conduct risk assessments on systems intended for use by a program to determine the proper security compliance.
  • Designs and implements physical, procedural, and technical cybersecurity controls.
  • Partner with appropriate stakeholders to evaluate cybersecurity risks and vulnerabilities.
  • Assess and mitigate system security threats and risks.
  • Conduct regular audits to ensure proper security policy implementation, safeguard classified materials and provide guidance to program personnel.
  • Special projects as needed.
6. Health and Safety
Employees are responsible and accountable for:
  • Compliance with workplace policies and procedures for risk identification, risk assessment and risk control.
  • Active participation in activities associated with the management of workplace health and safety.
  • Identification and reporting of health and safety risks, accidents, incidents, injuries and property damage at the workplace.
  • Ensuring that the information, instruction and training needed to carry out your work has been received.
  • Advising the company if your circumstances change in a way that may affect your ability to work (e.g. becoming pregnant or suffering an injury).
7. General:
  • Ensure adherence to all Health and Safety procedures.
  • Adhere to Labour Regulations.
  • Adhere to Company Policies and Procedures.
  • Any ad hoc duties as required from time to time.
  • Adhere to company requirements of trust and honesty.
Key Skills:
  • Knowledge of IT Security: Strong understanding of information security principles, technologies, and best practices.
  • Risk Management Expertise: Proficiency in risk assessment methodologies, risk analysis, and risk mitigation strategies.
  • Compliance Knowledge: Familiarity with relevant industry regulations and standards, such as GDPR, HIPAA, or SOX.
  • Technical Aptitude: Ability to understand and assess technical vulnerabilities and risks within IT systems and networks.
  • Communication Skills: Excellent verbal and written communication skills to effectively communicate risks and recommendations to various stakeholders.
  • Analytical Thinking: Strong problem-solving and analytical skills to identify and evaluate potential risks and recommend appropriate solutions.
  • Leadership and Collaboration: Ability to lead and collaborate with cross-functional teams to implement risk management initiatives.
  • Continuous Learning: A commitment to staying updated with the latest industry trends, emerging technologies, and security threats.
  • Bachelor's degree in Information Technology
  • Microsoft Certifications
  • Security Certifications
  • CISA
  • CISM
  • CISSP (advantageous)
  • CCSP (advantageous)
  • 10 years working experience in various IT technologies
  • 5 years of Management Experience
  • Working knowledge of vulnerability assessments
  • Knowledge of IT Risk identification and assessment
If you are interested in this opportunity, please apply directly. For more IT jobs, please visit . If you wish to send your CV per email forward your CV to and copy the reference number in brackets in the subject line of your e-mail.

If you have not had any response in two weeks, please consider the vacancy application unsuccessful. Your profile will be kept on our database for any other opportunities for which you might be more suitable.

We also invite you to contact us to discuss your next career move in IT!

For more information contact:
Tumi Diphoko on 011 622 9526
IT Recruitment Consultant

Network Recruitment

Job Detail

  • Job Id
    JD1261263
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    R720000 - 780000 per year
  • Employment Status
    Permanent
  • Job Location
    Johannesburg, Gauteng, South Africa
  • Education
    Not mentioned